What does the PSD2 mean for Alternative Payment Methods (APMs)?

Tuesday 20 June 2017 | 12:32 PM
CET

By January 2018, the PSD2 will be law in all EU states. But what does that mean for APMs? The answer, says PPRO’s Ralf Ohlhausen, is actually really straightforward

With just over six months before all member states must incorporate the Revised Payment Services Directive (PSD2) into law, there seems to be some confusion about what the new directive means for alternative payment methods. There needn’t be. The answer is simple.

PSD2 defines what it calls Payment Initiation Service Providers (PISPs). A PISP is a service which can initiate a payment by itself at the request of an end user. Imagine, for instance, a service that you select at an ecommerce store’s checkout and which allows you to transfer money from your online bank account to the merchant - paying for the goods you wish to purchase - without requiring any user action apart from providing their credentials to authorise it.

Under PSD2, such a service would be defined as a PISP, i.e. initiating payments “on behalf of the user”. To continue operating once the directive is in law, the service provider must register with its home state’s financial regulator. The regulator will check their data and transaction security measures and any other obligations and, assuming all is in order, issue the company with a licence. Being licenced by one EU member state, allows the company to operate in all member states. If it operates in accordance with the law, it can continue to trade with — at least in theory — no disruption.

So all APMs are covered by PSD2?

Not at all. Firstly, there are many APMs not using bank transfers anyway and even for those that do, most of them are not payment initiators themselves. Services such as iDEAL, giropay, MyBank and many others do not collect user credentials and are not acting “on behalf of the user”.

They are what is known as ‘redirect services’. The customer chooses the service at checkout and is automatically redirected to their bank’s online login page. When they login, using their credentials, the transaction has been auto-populated for them, but they still have to go through a number of different screens – similar to a non-automated bank transfer they would do just by themselves.

Hence, these services offer an extra layer of convenience, but users have to initiate the payment themselves. Therefore, they do not qualify as PISPs under the terms of PSD2 and such companies do not have to obtain a license from their national regulator. They can continue to operate as they do today.

So why the confusion?

The PSD2 has thrown the industry something of a curveball. Originally, the expectation was that the new directive would clarify and regularise the status of existing and future PISPs. In return for accepting regulatory oversight and for agreeing to certain conditions, notably identifying themselves to the banks as part of the transaction handshake, PISPs would be able to carry on much as before.

However, the process of drafting the PSD2’s Regulatory Technical Standards (RTS) has thrown this assumption into doubt. To the industry’s surprise, the original draft of the RTS contained elements that would not have allowed PISPs to continue their business model.

Most notably, it specified that banks could simply deny PISPs the use of the online banking interface they provide to their customers. Instead, banks could provide a separate, dedicated, interface just for their new competitors. The fintech industry was not happy with this solution, because it makes the viability of their business model dependent on the banks keeping that “competitor-interface” at par with their customer-interface, which of course would not really be in their own interest.

As a result, there has been a lot of debate and back and forth about the terms and definitions within the RTS. The good news is, that the European Commission has now changed some of the content of the RTS to make them less harmful to the needs of EU consumers and fintech providers, however, there is still a lot to be desired.

The bad news is that the back and forth around PSD2 and this RTS — which is, in any case, already an alphabet soup of new acronyms to be understood and memorised — has probably gone a long way to confusing the market. At least on the point covered by this article — which companies are and are not PISPs — this confusion is unnecessary.

If, as part of its business model, a payment service acts on behalf of end users and handles confidential customer data, it’s a PISP and needs to register with its national financial regulator in order to continue trading. Exactly what this registration and subsequent licensing will entail, depends on how a company’s national legislature transposes the PSD2 into that country’s law.

About Ralf Ohlhausen

Ralf Ohlhausen, Business Development Director, MSc in Mathematics and Master of Telecommunications Business, has over 25 years’ experience in ecommerce, financial services, mobile telecoms and IT. Before joining PPRO Group, he was President Europe at SafetyPay. Other management positions on his international career path took him to Digicel, O2, British Telecom and Mannesmann-Kienzle. At PPRO, Ralf is responsible for expanding the company’s portfolio and global reach, as well as developing new business areas and partnerships. Since the end of 2016 Ralf Ohlhausen is a member of the Euro Retail Payments Board (ERPB) of the European Central Bank (ECB) representing the interests of the Electronic Money Association (EMA).

About PPRO Group

PPRO Group (PPRO), a cross-border e-payment specialist, removes the complexity of international ecommerce payments by acquiring, collecting and processing an extensive range of alternative payments methods for Payment Service Providers (PSPs) under one contract, through one platform and one single integration. PPRO supports international payment methods across more than 100 countries, allowing PSPs to expand their merchants’ ecommerce reach, arrange hassle-free collection and achieve higher conversion rates.